Skip to content
Servio Palacios edited this page Oct 21, 2019 · 17 revisions

Trellis++

Background

Cryptographic Hash Functions and Data Integrity

Trellis++ provides the first primitive, i.e., integrity protection of the private data and software code utilizing cryptographic hash functions. Cryptographic hash functions represent an input string or message as a hash value, i.e., a message digest. This message digest is a compact and uniquely identifiable representation of the input string. More formally, cryptographic hash functions (hash functions in short) map an arbitrary length input message $m$ to a fixed-length output h(m) referred to as hash-code, hash-value, or hash. For example: hash = h(m) h_SHA256(“Trellis++”)=“717860..1da0e5e979f95f68”

{cryptographic_hash_functions.png}

The hash function h comprises the following properties:

  • Compression: the function h with a domain D and range R maps a finite input of arbitrary bit-length, to an output h(x) of fixed-length; that is, h: D -> R and |D| > |R| and R is n bits long.
  • Easy forward computation: given an input string x and a function h, h(x) is easy to compute.
  • Preimage resistance: The output of the hash function h must not reveal any information about the input message $m$. That is, given a message digest y but no corresponding input string x, it is computationally infeasible to find h(x') = y.
  • 2nd-preimage resistance: Given a fixed x and x != x', it is computationally infeasible to find h(x) = h(x').
  • Collision Resistance: In simple words, it is extremely unlikely to find two different inputs that can produce the same digest (output.) It is computationally infeasible to compute h(x) = h(x'), given any two x and x’ where x and x' are distinct.

Public Key Encryption (PKE) Schemes

%For the following discussion, we use concepts [1]. Trellis++ provides a primitive for confidentiality through Public Key Encryption (PKE) Schemes. A transformation $E_k$ defines encryption of a message/plaintext $m$ to obtain a ciphertext $c$ using key $k$. That is, $c = E_k(m)$. A transformation $D_{k’}$ defines decryption of a ciphertext $c$ to obtain the original message $m$ using key $k’$. That is, $m = D_{k’}(c)$. Keys $k$ and $k’$ are said to have an asymmetric relationship in that a message encrypted with one key can only be decrypted with the other and vice-versa. A public-key encryption scheme PKE generates two asymmetric binary keys used to encrypt and sign data; the public key $b$ and the private/secret key $v$. The private key $v$ is assumed to be kept in a secure place and never exposed/revealed to an adversarial environment, ideally not even in an encrypted form. The security of PKE relies on it being computationally infeasible for an adversary to discover $v$ given $b$.

When PKE is used for encryption, two participants can exchange public keys prior to commencing encrypted communication. When one participant needs to send an encrypted message $m$ to the other, the sender can compute $c_b = E_b(m)$ where $b$ is the public key of the recipient, and then send $c_b$ over a potentially untrusted channel to the recipient, whose exclusive knowledge of their private key $v$ allows them to successfully decrypt the message by computing $m = D_v(c_b)$.

When used for authentication and data integrity, a participant wishes to prove that they are the holder of a particular private key $v$ without disclosing $v$ and also wishes to guarantee that some message is not altered after creation by an adversary. To accomplish this, the participant starts with a known message $m$ of arbitrary length, they create a fixed-length hash of that message $h(m)$, and then they compute a message signature as $c_v = E_v(h(m))$. This message signature $c_v$ and the corresponding public key $b$ are included with the original message $m$ and transferred to a recipient over a potentially untrusted channel. The recipient is able to compute $h’(m) = D_b(c_v)$ using the public key $b$ and the signature $c_v$, and can say with the mathematical confidence of computational infeasibility (assuming sufficient entropy in $m$) that if $h(m)=h’(m)$ then the signature could only have been created by someone with knowledge of the private key $v$ corresponding to the public key $b$, and they can also say with confidence that the message has not been altered since the signature was created.

%What remains is a mechanism to decide which public keys are trustworthy and which are not: i.e. we need a method to ensure that a valid key is authentic. The use of Public Key Infrastructure (PKI) enhances the security guarantees of the PKE schemes through the inclusion of a trusted third party called an issuer or certified authority (CA). An issuer generates digital certificates containing a client’s public key which the issuer signs with their private key. The issuer distributes their public key set through an accepted channel to all PKI participants, and therefore any participant which can prove they hold the private key corresponding to a public key from a digital certificate signed by the trusted issuer is assumed to be attested as trustworthy by the issuer.

Architecture

Trellis++ model without TEEs

The creation of a group and member-private-keys follows the next steps:

  • The issuer creates an issuing-private-key for the new group.
  • The issuer creates the group certificate that contains the group-public-key.
  • Through bulk-provisioning, the issuer generates unique Intel EPID member-private-keys.
  • A member creates an Intel EPID signature digitally signing a message m with the Intel EPID member-private-key.
  • The verifier checks the validity of a digital signature using the group-public-key that is embedded in the group digital certificate.

Some notes regarding the issuer and group signatures:

  • The issuer keeps the issuing-private-key in a secure place.
  • The issuer builds and maintains the revocation lists.
  • The issuer forgets any member-private-keys.
  • A single group-public-key corresponds to every member-private-key in the group.
  • The generated Intel EPID signature does not reveal any member's private identifiable information.

Note: Full description of use cases and applications will be posted after paper publication.

4.0 Example Applications

There are an enormous number of potential applications for Trellis++ with its OSC+PAC model. Here we show a few illustrative examples, but this list should by no means be considered exhaustive or even fully representative.

4.1 Trust Level 1: Automated Sustainability Reporting

A Consumer-Facing Food Company, known as CFFC, wishes to create periodic sustainability reports for consumers to strengthen their brand.

4.2 Trust Level 1: Planting Date Reporting

A farmer would like to report the dates they planted various fields to the Farm Services Agency (FSA).

4.3 Trust Level 2: Net Nutrient Application from Animal Waste Fertilizer

A livestock farmer must maintain records of total nitrogen, phosphorous, and potassium amounts applied to farm fields through the spreading of manure for approval from state environmental agencies.

4.4 Trust Level 2: Certified Fishing Catch Area

The global fishing industry would like to eliminate over-fishing by requiring fishing vessels to catch fish only in approved areas.

4.5 Trust Level 2: Export Certification for Product Applications

In fresh produce, often each export market has their own rules and regulations around which crop protection products (herbicides, insecticides, fungicides, etc.) can be applied to particular crops.

4.6 Trust Level 3: Organic Mass Balance

One of the more difficult certification problems is characterized by a mass balance. In its simplest form, there is some mass of product that has been certified to be produced (either based upon the total inputs to the process, or based upon a human auditor’s assessment), and the industry would like to know that the seller of a product indeed can certifiably produce that amount of that product. For example, if an organic farmer could receive a certification that they can or did produce 10 tons of organic apples, downstream buyers of those apples would like to know that the farmer has not re-used that 10-ton organic certification multiple times with multiple buyers, thereby selling potentially non-organic apples under an organic certificate.

Clone this wiki locally